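<?php
// Access gate intended to be included by member pages before any output.
// It reads $PAGE_AUTHORITY and the database settings $HOST, $NAME, $PWD, $DB
// from the including scope.
// NOTE(review): assumes the session has already been started by the
// including page - confirm.

// Session idle timeout, in seconds.
define("HOLD_TIME", 3600);

// Pull the login state out of the session. isset() guards keep an anonymous
// visitor (no session keys yet) from raising undefined-index notices.
$userId 		= isset($_SESSION["user"]["user_id"]) ? $_SESSION["user"]["user_id"] : null;
$shell 			= isset($_SESSION["shell"]) ? $_SESSION["shell"] : null;
$role 			= isset($_SESSION["user"]["role"]) ? $_SESSION["user"]["role"] : null;
$loginTime 		= isset($_SESSION["loginTime"]) ? $_SESSION["loginTime"] : 0;

$table			= "user";
$idName			= "user_id";

// Re-read the user row so the session is checked against current account data.
Database::connect($HOST, $NAME, $PWD, $DB);
$result = Database::findById($table, $idName, $userId);
Database::close();

// Expected session token for this account; left empty when no row was found so
// a missing user can never match.
// NOTE(review): the token is an unsalted MD5 over user_name and the stored
// password value. A random per-login token kept server-side would be a
// stronger design, but the login code that writes $_SESSION["shell"] is not
// visible here, so the derivation is left unchanged.
$s = empty($result) ? "" : md5($result["user_name"].$result["password"]);

// Strict comparison: with == two digests of the form "0e<digits>" compare as
// numerically equal, and a non-string session value could be juggled as well.
$sessionValid = $s !== "" && is_string($shell) && $shell === $s;

// 99 marks the login page itself.
if ($PAGE_AUTHORITY==99) {
	// Already authenticated: send the user on to the member area.
	if ($sessionValid) {
		echo "<script>alert('你已经登录');</script>";
		echo "<script>top.location.href='/member/view/main.php';</script>";
		exit ;
	}
}else{// every other page requires a valid login
	// Reject unknown users and sessions whose token no longer matches.
	if (!$sessionValid) {
		session_destroy();
		echo "<script>alert('你无权访问该页，请重新登陆');</script>";
		echo "<script>top.location.href='/member/login.php';</script>";
		exit ;
	}else if ($PAGE_AUTHORITY<$role) {// page requires more privilege than the user's role grants
		// NOTE(review): $role comes from the session, not from the row just
		// loaded, and a missing role (null) passes this comparison. Confirm
		// whether the role should be re-read from $result and whether a
		// missing role should be denied.
		echo "<script>alert('权限不足，无法访问该页');</script>";
		echo "<script>history.go(-1);</script>";
		exit ;
	}

	// Idle-timeout check. time() replaces the argument-less mktime(), which is
	// deprecated and raises an error on PHP 8.
	if (time()-$loginTime>HOLD_TIME) {
		session_destroy();
		echo "<script>alert('超时，请重新登录');</script>";
		echo "<script>top.location.href='/member/login.php';</script>";
		// Stop here: without this the including page would go on to render
		// its protected content after the session has been destroyed.
		exit ;
	}else{
		// Still active: slide the timeout window forward.
		$_SESSION["loginTime"] = time();
	}
}


?>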